Skip to main content

Adding an issue to a policy

Roles and permissions

The following roles can add an issue to a policy:

  • Administrators with manager or contributor permissions on the policy

  • Compliance managers with manager or contributor permissions on the policy

  • Users with manager or contributor permissions on the policy

Use issues to track exceptions to a policy. For example, if your organization has a security policy that requires that all passwords be 16 characters long, but you have a legacy system that can only accept 12 characters, you need to log an exception. In this case, you can add an issue outlining the problem and the solution over time, such as upgrading the legacy system when the budget allows or replacing it with a newer system. Based on this issue, you might create a  risk in Hyperproof to make people in your organization aware that the problem exists and how it affects your overall risk.

To add an issue to a policy:

  1. From the left menu, select Policies.

  2. Select the policy where you want to add an issue.

  3. Select the Issues tab.

  4. Click +New.

    The Create new issue window displays.

  5. Enter the following information:

    1. Summary (required) - A summary of the issue and the potential result if it isn't remediated

    2. Description - A detailed overview of the issue

    3. Make issue private checkbox - Select this checkbox to make the issue private. Doing so restricts inheritance—only users explicitly added to the issue’s facepile can see the issue. Other users (such as members of affected objects) can see that the issue exists, but they’ll only see the issue ID. To access the issue, they’ll need to contact the issue manager(s).

    4. Action plan - The plan to remediate the issue

    5. Impact - The impact the issue has on your organization if it isn't resolved

    6. Priority - The priority level for resolving the issue

    7. Assignee - The individual who will work to remediate the issue

    8. Effort level - The amount of effort it'll take your organization to remediate the issue

    9. Business owner - The individual who owns the issue. Note that a contact can also be an owner.

    10. Executive sponsor - The individual who is of senior level and ultimately responsible for overseeing the remediation of the issue

    11. Due date - The date that the remediation is due

    12. Discovered on - The date that the issue was discovered

    Tip

    Business owners and executive sponsors can have an Unassigned status.

    For example, if a business owner had been previously assigned to the issue, but the need for an owner is no longer required, the status can be set to Unassigned.

  6. Click Create.

In this section: